I'm a Fellow at the Adam Smith Institute in London, a writer here and there on this and that and strangely, one of the global experts on the metal scandium, one of the rare earths. An odd thing to be but someone does have to be such and in this flavour of our universe I am. I have written for The Times, Daily Telegraph, Express, Independent, City AM, Wall Street Journal, Philadelphia Inquirer and online for the ASI, IEA, Social Affairs Unit, Spectator, The Guardian, The Register and Techcentralstation. I've also ghosted pieces for several UK politicians in many of the UK papers, including the Daily Sport.

Yes, Apple Really Does Have A Serious Problem With Computer Viruses And Malware

As those with memories stretching back a couple of decades will recall the various forms of computer malware, the viruses, trojans and the like, were things that affected Microsoft Windows users. Mac users, those using Apple‘s integrated systems, could just laugh and giggle at those poor fools who were using the wrong equipment. Well, no longer:

Apple believes the hackers who penetrated its machines were the same group that Facebook announced Friday had gained access to a number of its employees’ computers. Those Facebook attackers gained access to their targets’ machines using an infected developer’s website that exploited a vulnerability in Java; Apple says the same trick was used to access its employees’ machines.

I’m sorry but I do find that amusing, that it was internal Apple computers that got infected. Perhaps I shouldn’t but I do.

Now yes, we can say that this is only one example, that it’s been cleaned up already (a patch of the Java vulnerability has already been issued) and so on. But it brings us back to a long running point of mine. Why is it that Apple’s machines weren’t getting attacked? There are two possible explanations. The first is that the system is vastly more secure and doesn’t have enough holes in it for an attack to work. People kept trying but only very occasionally did they succeed as above. The other is that Macs were simply not a large enough part of the overall computing ecosystem for it to be worth targeting them. If it is that second reason then with the growth in popularity of the two Apple architectures the bad guys are going to see that it’s worth trying to create viruses for those architectures: thus we’ll see an increase in them.

As it happens my own view is that it is partially explanation one but only partially. Yes, I do think that MAC OS and iOS are more secure than Windows was, certainly, quite possibly more secure than it is. What makes me think that Apple has a serious problem about computer malware is that I think that much more of it is to do with explanation two. That the malware authors have only just realised that there are enough Macs and iPhones out there to make them worth attacking. And that they will find (some at least) vulnerabilities to exploit. And that’s what Apple’s problem is: we’re only just at the beginning of the attempts to crack Apple’s computers.

Yes, I’m sure that Apple is more secure than many to most other software systems. But I’m equally certain that the criminals aren’t going to give up given the size of the population they can aim at now. No, I don’t think it will get as bad as it did with Windows for a time: but it could at the very least get very boring and annoying having to fight off such malware attacks on systems that have traditionally been free of them. And the seriousness of Apple’s problem is that they’re not, as yet at least, used to dealing with this particular problem. Quite apart from anything else there isn’t the ecosystem of anti-virus software writers as there is for Windows.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

There is AVG and Avast for Macs – as there is for PC’s. I would suggest Apple users install one of them. We always had antivirus software installed on computers where I worked in government and the large multinational I worked for – back in 1989.

The best malware scanner software that I’ve used, and the one that I recommend to other Mac users, is ClamXav.

ClamXav does an excellent job at scanning, definitions are always being updated quickly, it has a minimal impact on computer resources (unlike other software apps that are resource hogs), it has a simple interface, and best of all.. is that it’s free!

I think your article, though well written and informative, is narrow in scope. First off, I think it’s wrong to say that Apple and MacOS are actually being attacked. It’s actually Java. Java is known for a massive amount of vulnerabilities and any system, Unix, Linux, Mac or Windows, which runs Java is susceptible to these vulnerabilities. Apple has even gone as far as to remove it from their OS saying ‘If you want it, go download it directly, but hey, you’re putting yourself at risk’. My understanding of these most recent attack is that it focused on Snow Leopard release, not Lion (which contains ADR, causing any potential infection to be trapped in RAM and unable to affect any other parts of the system). I get the feeling you know all this, but I don’t feel you’ve portrayed it to your audience in this article. Why are Macs, Unix and Linux all more secure? Because they were built with system vs user level security directly into the OS while Windows only later adopted User and Service based permission rights (and administered it poorly might I ad). All in all, Macs will be target more heavily in the future, but the fact remains a system without Java is more secure. You would have to download the virus, run its installer and type in your password to become infected. If it makes it that far, then the system contains the malicious code and it can’t spread to any other programs or computers on the network (in the case of Lion). Isn’t that just smart?

The system is only as secure as it’s weakest link. Java lies in the system, so thus the system (Apple computers) can get compromised. Not trying to point fingers, but the problem was that Apple kept boasting they were “immune” and sold that to uninformed consumers and in fact they are not “immune”.

Solid reasoning. Let’s say I just went out and bought a Mac. Then, I looked and installed for the most buggy beta version of software X. Then, after getting hacked, I dismissed the solidity of Unix-like softwares thinking “Up yours, Apple! Seems I’m not immune to vulnerabilities opened upon using after-market software I installed of my own volition.”

Because they are popular now, the only reason they are being attacked. Also, Apple only sent out the update to consumers because of the risk it may have been on other computers, but they announced it was an internal attack that also attacked many large companies like Coca-Cola and EMC(a securities division for god’s sake). I’d also like to think it’s somewhat of a PR move for Apple to release something letting everyone know they have it under control. Do I think Apple computers are inviolable? No, but I do think they are less risky, and I also think that they are loosing the “Can’t get a virus on a Mac” ideology that people once had.

Mr. Worstall, your claim that malware authors have only now realized there are enough iOS devices to make them a valuable target to attack is laughable. If anything, Apple’s dominance in the mobile device field has lessened due to Android in the past year or two. Still, there is no question that iOS has been worth attacking for at least the past 3 or so years. The lack of massive penetrations is a sign that iOS has strong security, not security through obscurity.